
T-559: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution

February 17, 2011 - 7:00am


PROBLEM:

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote execution.

PLATFORM:

IBM Informix Dynamic Server (IDS) 11.50

ABSTRACT:

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.

REFERENCE LINKS:

Security Database - Reference - CVE-2011-1033
CVE Details - Reference - CVE-2011-1033

IMPACT ASSESSMENT:

High

DISCUSSION:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing the arguments to the USELASTCOMMITTED option in a SQL query. User-supplied data is copied into a stack-based buffer without proper bounds checking, resulting in an exploitable overflow. Exploitation can result in arbitrary code execution under the context of the database server.
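
A defensive check for the statement described above, as an added example that is not part of the original bulletin: it flags any SET ENVIRONMENT USELASTCOMMITTED statement whose argument is not one of the values Informix documents for that option. The allowed-value list, the one-statement-per-line log format, and the names `check_statement`, `scan` and `SAMPLE_LOG` are assumptions.

```python
import re

# Values documented for USELASTCOMMITTED (assumption: from the Informix SQL
# syntax reference, not from this bulletin).
ALLOWED = {"NONE", "COMMITTED READ", "DIRTY READ", "ALL"}

# SET ENVIRONMENT USELASTCOMMITTED followed by a single-quoted, double-quoted
# or bare argument. An unterminated quote falls through to the bare branch.
STMT = re.compile(
    r"\bSET\s+ENVIRONMENT\s+USELASTCOMMITTED\b\s*"
    r"(?:'([^']*)'|\"([^\"]*)\"|([^;]*))",
    re.IGNORECASE | re.DOTALL,
)


def check_statement(sql):
    """Return findings for one SQL statement; an empty list means clean."""
    findings = []
    for m in STMT.finditer(sql):
        arg = next((g for g in m.groups() if g is not None), "")
        normalized = " ".join(arg.split()).upper()
        if normalized not in ALLOWED:
            findings.append({
                "reason": "unexpected USELASTCOMMITTED argument",
                "arg_length": len(arg),
                "preview": arg[:32],  # truncate so reports stay small
            })
    return findings


def scan(statements):
    """Return (1-based line number, finding) pairs for a statement log."""
    return [(n, f) for n, sql in enumerate(statements, 1)
            for f in check_statement(sql)]


# Constructed sample log, one statement per line (format is an assumption).
SAMPLE_LOG = [
    "SELECT tabname FROM systables;",
    "SET ENVIRONMENT USELASTCOMMITTED 'COMMITTED READ';",
    "SET ENVIRONMENT USELASTCOMMITTED '" + "X" * 600 + "';",
    "set environment uselastcommitted 'none';",
]

if __name__ == "__main__":
    for line_no, finding in scan(SAMPLE_LOG):
        print(line_no, finding["reason"], "length", finding["arg_length"])
```

The same allowlist test can run in a SQL proxy or audit pipeline in front of port 9088, where a non-matching statement can be rejected rather than only reported.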

SOLUTION:

There are no available solutions to this vulnerability. Please use the reference link provided below for updated vendor support.
IBM Reference
